Merge pull request #479 from privacyidea/478-redirect-status-codes-should-not-be-treated-as-errors

frankmer · web-flow · commit 66e2fad0f510 · 2025-09-08T10:42:10.000+02:00
feat: implement HttpStatusChecker for consistent error handling across API responses
diff --git a/.github/workflows/flutter_build.yml b/.github/workflows/flutter_build.yml
@@ -26,7 +26,7 @@ jobs:
       - uses: subosito/flutter-action@v2
         with:
           channel: "stable"
-          flutter-version: "3.32.8" # Use the latest stable Flutter version
+          flutter-version: "3.35.3" # Use the latest stable Flutter version as of Sep 03 2025
 
       - run: flutter clean
       - run: flutter --version
@@ -53,7 +53,7 @@ jobs:
         uses: subosito/flutter-action@v2
         with:
           channel: "stable"
-          flutter-version: "3.32.8" # Current latest as of July 25, 2025
+          flutter-version: "3.35.3" # Current latest as of Sep 03 2025
 
       - name: Clean Flutter project
         run: flutter clean
diff --git a/lib/api/impl/privacy_idea_container_api.dart b/lib/api/impl/privacy_idea_container_api.dart
@@ -41,6 +41,7 @@ import '../../model/riverpod_states/token_state.dart';
 import '../../model/token_container.dart';
 import '../../model/token_template.dart';
 import '../../model/tokens/token.dart';
+import '../../utils/http_status_checker.dart';
 import '../../utils/logger.dart';
 import '../../widgets/dialog_widgets/container_dialogs/initial_token_assignment_dialog.dart';
 import '../../widgets/dialog_widgets/enter_passphrase_dialog.dart';
@@ -237,7 +238,7 @@ class PiContainerApi implements TokenContainerApi {
     };
 
     final response = await _ioClient.doPost(url: requestUrl, body: body, sslVerify: container.sslVerify);
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       final errorResponse = response.asPiErrorResponse();
       if (errorResponse != null) throw errorResponse.piServerResultError;
       throw ResponseError(response);
@@ -284,7 +285,7 @@ class PiContainerApi implements TokenContainerApi {
     if (errorResponse != null) {
       throw errorResponse.piServerResultError;
     }
-    if (response.statusCode != 200 || piResponse == null) throw ResponseError(response);
+    if (HttpStatusChecker.isError(response.statusCode) || piResponse == null) throw ResponseError(response);
 
     return piResponse.asSuccess!.resultValue;
   }
@@ -299,7 +300,7 @@ class PiContainerApi implements TokenContainerApi {
       TokenContainer.SCOPE: requestUrl.toString(),
     };
     final challengeResponse = await _ioClient.doPost(url: container.challengeUrl, body: body, sslVerify: container.sslVerify);
-    if (challengeResponse.statusCode != 200) {
+    if (HttpStatusChecker.isError(challengeResponse.statusCode)) {
       final errorResponse = challengeResponse.asPiErrorResponse();
       if (errorResponse != null) throw errorResponse.piServerResultError;
       throw ResponseError(challengeResponse);
@@ -338,7 +339,7 @@ class PiContainerApi implements TokenContainerApi {
     };
 
     final response = await _ioClient.doPost(url: container.syncUrl, body: body, sslVerify: container.sslVerify);
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       final piErrorResponse = response.asPiErrorResponse();
       if (piErrorResponse != null) throw piErrorResponse.piServerResultError;
       throw ResponseError(response);
diff --git a/lib/model/exception_errors/response_error.dart b/lib/model/exception_errors/response_error.dart
@@ -19,6 +19,8 @@
  */
 import 'package:http/http.dart';
 
+import '../../utils/http_status_checker.dart';
+
 class ResponseError {
   final int _statusCode;
   int get statusCode => _statusCode;
@@ -32,7 +34,7 @@ class ResponseError {
 //<title>405 Method Not Allowed</title>
 //<title>Method Not Allowed</title>
   factory ResponseError(Response response) {
-    assert(response.statusCode != 200, 'Status code of an response error should not be 200');
+    assert(HttpStatusChecker.isError(response.statusCode), 'Status code of an response error should not be 200');
     final regexpCode = RegExp(r'<title>(\d{3})');
     final regexpMessage = RegExp(r'(?<=(<title>\d* ?))[A-Za-z][A-Za-z\s]*(?=</title>)');
     final message = regexpMessage.firstMatch(response.body)?.group(0) ?? response.body;
diff --git a/lib/utils/http_status_checker.dart b/lib/utils/http_status_checker.dart
@@ -0,0 +1,29 @@
+abstract class HttpStatusChecker {
+  static bool isInformational(int statusCode) {
+    return statusCode >= 100 && statusCode < 200;
+  }
+
+  static bool isSuccessful(int statusCode) {
+    return statusCode >= 200 && statusCode < 300;
+  }
+
+  static bool isRedirect(int statusCode) {
+    return statusCode >= 300 && statusCode < 400;
+  }
+
+  static bool isClientError(int statusCode) {
+    return statusCode >= 400 && statusCode < 500;
+  }
+
+  static bool isServerError(int statusCode) {
+    return statusCode >= 500 && statusCode < 600;
+  }
+
+  static bool isInvalidStatus(int statusCode) {
+    return statusCode < 100 || statusCode >= 600;
+  }
+
+  static bool isError(int statusCode) {
+    return isClientError(statusCode) || isServerError(statusCode) || isInvalidStatus(statusCode);
+  }
+}
diff --git a/lib/utils/privacyidea_io_client.dart b/lib/utils/privacyidea_io_client.dart
@@ -30,6 +30,7 @@ import '../../../../../../../model/pi_server_response.dart';
 import '../model/api_results/pi_server_results/pi_server_result_value.dart';
 import '../utils/logger.dart';
 import '../utils/view_utils.dart';
+import 'http_status_checker.dart';
 
 class PrivacyideaIOClient {
   const PrivacyideaIOClient();
@@ -138,7 +139,7 @@ class PrivacyideaIOClient {
       Logger.info('Post request finished');
     }
 
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       Logger.warning(
         'Received unexpected response',
         error: 'Status code: ${response.statusCode}' '\nPosted body: $body' '\nResponse: ${response.body}\n',
@@ -202,7 +203,7 @@ class PrivacyideaIOClient {
       Logger.info('Post request finished');
     }
 
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       Logger.warning('Received unexpected response: ${response.statusCode}');
     }
 
diff --git a/lib/utils/riverpod/riverpod_providers/generated_providers/push_request_provider.dart b/lib/utils/riverpod/riverpod_providers/generated_providers/push_request_provider.dart
@@ -29,6 +29,7 @@ import '../../../../model/push_request.dart';
 import '../../../../model/riverpod_states/push_request_state.dart';
 import '../../../../model/tokens/push_token.dart';
 import '../../../../repo/secure_push_request_repository.dart';
+import '../../../http_status_checker.dart';
 import '../../../logger.dart';
 import '../../../privacyidea_io_client.dart';
 import '../../../push_provider.dart';
@@ -395,7 +396,7 @@ class PushRequestNotifier extends _$PushRequestNotifier {
         return false;
       }
     }
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       ref.read(statusMessageProvider.notifier).state = StatusMessage(
         message: (l) => '${l.sendPushRequestResponseFailed}\n${l.statusCode(response.statusCode)}',
         details: (_) => (tryJsonDecode(response.body)?['result']?['error']?['message']) ?? '',
diff --git a/lib/utils/riverpod/riverpod_providers/generated_providers/token_notifier.dart b/lib/utils/riverpod/riverpod_providers/generated_providers/token_notifier.dart
@@ -50,6 +50,7 @@ import '../../../../repo/secure_token_repository.dart';
 import '../../../../views/import_tokens_view/pages/import_plain_tokens_page.dart';
 import '../../../firebase_utils.dart';
 import '../../../globals.dart';
+import '../../../http_status_checker.dart';
 import '../../../lock_auth.dart';
 import '../../../logger.dart';
 import '../../../privacyidea_io_client.dart';
@@ -626,7 +627,7 @@ class TokenNotifier extends _$TokenNotifier with ResultHandler {
       return false;
     }
 
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       Logger.warning(
         'Post request on roll out failed.',
         error: 'Token: ${pushToken.serial}\nStatus code: ${response.statusCode},\nURL:${response.request?.url}\nBody: ${response.body}',
@@ -770,7 +771,7 @@ class TokenNotifier extends _$TokenNotifier with ResultHandler {
       body: {'new_fb_token': firebaseToken, 'serial': token.serial, 'timestamp': timestamp, 'signature': signature},
       sslVerify: token.sslVerify,
     );
-    if (response.statusCode != 200) {
+    if (HttpStatusChecker.isError(response.statusCode)) {
       Logger.warning('Updating firebase token for push token failed!');
       return false;
     }
diff --git a/test/unit_test/utils/http_status_checker_test.dart b/test/unit_test/utils/http_status_checker_test.dart
@@ -0,0 +1,63 @@
+import 'package:flutter_test/flutter_test.dart';
+import 'package:privacyidea_authenticator/utils/http_status_checker.dart';
+
+void main() {
+  group('HttpStatusChecker', () {
+    test('isInformational returns true for 1xx codes', () {
+      expect(HttpStatusChecker.isInformational(100), isTrue);
+      expect(HttpStatusChecker.isInformational(150), isTrue);
+      expect(HttpStatusChecker.isInformational(199), isTrue);
+      expect(HttpStatusChecker.isInformational(200), isFalse);
+      expect(HttpStatusChecker.isInformational(99), isFalse);
+    });
+
+    test('isSuccessful returns true for 2xx codes', () {
+      expect(HttpStatusChecker.isSuccessful(200), isTrue);
+      expect(HttpStatusChecker.isSuccessful(250), isTrue);
+      expect(HttpStatusChecker.isSuccessful(299), isTrue);
+      expect(HttpStatusChecker.isSuccessful(199), isFalse);
+      expect(HttpStatusChecker.isSuccessful(300), isFalse);
+    });
+
+    test('isRedirect returns true for 3xx codes', () {
+      expect(HttpStatusChecker.isRedirect(300), isTrue);
+      expect(HttpStatusChecker.isRedirect(350), isTrue);
+      expect(HttpStatusChecker.isRedirect(399), isTrue);
+      expect(HttpStatusChecker.isRedirect(299), isFalse);
+      expect(HttpStatusChecker.isRedirect(400), isFalse);
+    });
+
+    test('isClientError returns true for 4xx codes', () {
+      expect(HttpStatusChecker.isClientError(400), isTrue);
+      expect(HttpStatusChecker.isClientError(450), isTrue);
+      expect(HttpStatusChecker.isClientError(499), isTrue);
+      expect(HttpStatusChecker.isClientError(399), isFalse);
+      expect(HttpStatusChecker.isClientError(500), isFalse);
+    });
+
+    test('isServerError returns true for 5xx codes', () {
+      expect(HttpStatusChecker.isServerError(500), isTrue);
+      expect(HttpStatusChecker.isServerError(550), isTrue);
+      expect(HttpStatusChecker.isServerError(599), isTrue);
+      expect(HttpStatusChecker.isServerError(499), isFalse);
+      expect(HttpStatusChecker.isServerError(600), isFalse);
+    });
+
+    test('isInvalidStatus returns true for codes < 100 or >= 600', () {
+      expect(HttpStatusChecker.isInvalidStatus(99), isTrue);
+      expect(HttpStatusChecker.isInvalidStatus(600), isTrue);
+      expect(HttpStatusChecker.isInvalidStatus(700), isTrue);
+      expect(HttpStatusChecker.isInvalidStatus(100), isFalse);
+      expect(HttpStatusChecker.isInvalidStatus(599), isFalse);
+    });
+
+    test('isError returns true for 4xx, 5xx, and invalid codes', () {
+      expect(HttpStatusChecker.isError(404), isTrue); // client error
+      expect(HttpStatusChecker.isError(500), isTrue); // server error
+      expect(HttpStatusChecker.isError(99), isTrue); // invalid
+      expect(HttpStatusChecker.isError(600), isTrue); // invalid
+      expect(HttpStatusChecker.isError(200), isFalse); // success
+      expect(HttpStatusChecker.isError(301), isFalse); // redirect
+    });
+  });
+}
